Set up codebox on centralized showing
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of adversely impactful activities that may occur in non-production environments. After building these applications, setting up monitoring for resource compliance and security risks, such as distributed denial of service (DDoS) attacks across your AWS accounts, is just as important. The recommended best practice to perform this type of monitoring involves using AWS Shield Advanced with AWS Firewall Manager, and integrating these with AWS Security Hub.

In this blog post, I show you how to set up centralized monitoring for Shield Advanced–protected resources across multiple AWS accounts by using Firewall Manager and Security Hub. This enables you to easily manage resources that are out of compliance with your security policy and to view DDoS events that are detected across multiple accounts in a single view.

Shield Advanced is a managed application security service that provides DDoS protection for your workloads against infrastructure layer (Layer 3–4) attacks, as well as application layer (Layer 7) attacks, by using AWS WAF. Firewall Manager is a security management service that enables you to centrally configure and manage firewall rules across your accounts and applications in an organization in AWS. Security Hub consumes, analyzes, and aggregates the security findings produced by your applications running on AWS. Security Hub integrates with Firewall Manager without the need for any action to be taken by you.

I'm going to cover two different scenarios that show you how to use Firewall Manager for:

- Centralized visibility into Shield Advanced DDoS events.
- Automatic remediation of noncompliant resources.

Scenario 1: Centralized visibility of DDoS detected events

This scenario represents a fully native and automated integration, where Shield Advanced DDoSDetected events (which indicate whether a DDoS event is underway for a particular Amazon Resource Name (ARN)) are made visible as a security finding in Security Hub, through Firewall Manager.

Solution overview

Figure 1 shows the solution architecture for scenario 1.

Figure 1: Scenario 1 – Shield Advanced DDoS detected events visible in Security Hub

The diagram illustrates a customer using AWS Organizations to isolate their production resources into the Production Organizational Unit (OU), with further separation into multiple accounts for each of the mission-critical applications. The resources in Account 1 are protected by Shield Advanced. The Security OU was created to centralize security functions across all AWS accounts and OUs, obscuring the visibility of the production environment resources from the Security Operations Center (SOC) engineers and other security staff. The Security OU is home to the designated administrator account for Firewall Manager and the Security Hub dashboard.

You will be setting up Security Hub in an account that has the prerequisite services configured in it as explained below. Before you proceed, see the architecture requirements in the next section. Once Security Hub is enabled for your organization, you can simulate a DDoS event in strict accordance with the AWS DDoS Simulation Testing Policy or use one of the AWS DDoS Test Partners.

In order to implement these steps, you must have the following:

- An environment with AWS Organizations configured. At a minimum, an organization should be defined with at least two member accounts. For more details on setting up AWS Organizations, you can review the AWS Organizations User Guide and the blog post Best Practices for Organizational Units with AWS Organizations.
- A Firewall Manager administrator account set up with subscribed member accounts. For more details on setting up Firewall Manager administrator accounts, see AWS Firewall Manager prerequisites and the blog post Use AWS Firewall Manager to deploy protection at scale in AWS Organizations.
- AWS Config must be enabled in the accounts and Region where you have Shield Advanced–protected resources that you want to manage by using Firewall Manager. For managing Shield Advanced–protected resources, you can choose to have AWS Config enabled only on selected resource types, such as a Shield Advanced–supported resource.